nesto-software / USBProxy

A USB proxy for rpi 4b, based on libUSB & gadgetFS - maintained by Nesto
GNU General Public License v2.0

Trouble capturing to file #38

Open Ownasaurus opened 2 years ago

Ownasaurus commented 2 years ago

First of all, thanks so much for this project! I am trying to use this on a fresh Raspberry Pi 4b to log some USB traffic. After using the install-from-release.sh script, I was able to run it successfully, with -v to select the appropriate VID. The data is being passed through properly. -l works great, allowing me to see a live stream of packets. However, what I would really like to do is log to a file. Unfortunately, the -w option is not working for me. Am I doing something wrong, or is there a bug?

Here is some information which may be relevant:

Linux raspberrypi 5.10.60-v7l+ #1449 SMP Wed Aug 25 15:00:44 BST 2021 armv7l GNU/Linux
sudo usb-mitm -d -v 20d6 -w ~pi/dump.pcap
...
error opening library /usr/lib/USBProxy/PacketFilter_PcapLogger.so: cannot open shared object file: No such file or directory
pi@raspberrypi:~ $ ls /usr/lib/USBProxy/
DeviceProxy_Callback.so      PacketFilter_Callback.so
DeviceProxy_LibUSB.so        PacketFilter_KeyLogger.so
DeviceProxy_Loopback.so      PacketFilter_MassStorage.so
DeviceProxy_TCP.so           PacketFilter_Power.so
HostProxy_GadgetFS.so        PacketFilter_ROT13.so
HostProxy_TCP.so             PacketFilter_StreamLog.so
Injector_UDPHID.so           PacketFilter_UDPHID.so
Injector_UDP.so              PacketFilter_ZeroMQ.so

Thanks for your time, and thanks for a great project!

Ownasaurus commented 2 years ago

Of note -- I just set up VS Studio on my Windows machine to build from source remotely. The -w option works perfectly in this manner on the compiled binary.

EDIT: And, in fact, the original binary now works fine too! Probably because the appropriate .so is in /usr/lib/USBProxy now.

MartinLoeper commented 2 years ago

Hey @Ownasaurus!

That is a very good observation! I think you spotted a bug in the GitHub Actions workflow which accidentally disabled the pcap functionality for the latest stable release. That probably happens because pcap is not found in the build pipeline somewhere around here: https://github.com/nesto-software/USBProxy/blob/master/src/Plugins/Filters/CMakeLists.txt#L15 (PCAP_FOUND and/or USE_PCAP)

Glad you found a workaround by building from source in the meantime. Have to fix this when I have some time.
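
The failure described above is a release build that silently shipped without PacketFilter_PcapLogger.so. As an added example (not part of this thread and not the project's own code), here is a post-build gate a release workflow could run against the staged plugin directory. The function names and the PLUGIN_DIR and REQUIRED_PLUGINS variables are assumptions; only the plugin file name comes from the error message in the issue.

```shell
#!/bin/sh
# Release gate: fail when a required USBProxy plugin is absent from the
# staged plugin directory or is not an ELF object.
# Assumptions: PLUGIN_DIR, REQUIRED_PLUGINS and both function names are
# hypothetical; the directory mirrors /usr/lib/USBProxy from the issue.

REQUIRED_PLUGINS="${REQUIRED_PLUGINS:-PacketFilter_PcapLogger.so}"

# is_elf FILE -> 0 if FILE starts with the ELF magic bytes 7f 45 4c 46
is_elf() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# check_plugins DIR [PLUGIN...]
# Prints one line per problem; returns 0 only if every plugin is present
# and looks like an ELF object. Without PLUGIN arguments it falls back
# to the REQUIRED_PLUGINS list.
check_plugins() {
    dir=$1; shift
    [ "$#" -gt 0 ] || set -- $REQUIRED_PLUGINS
    rc=0
    for p in "$@"; do
        if [ ! -f "$dir/$p" ]; then
            echo "MISSING: $dir/$p"
            rc=1
        elif ! is_elf "$dir/$p"; then
            echo "NOT-ELF: $dir/$p"
            rc=1
        fi
    done
    return $rc
}

# Run the gate only when a directory is supplied, e.g.
#   PLUGIN_DIR=/usr/lib/USBProxy sh check-plugins.sh
if [ -n "${PLUGIN_DIR:-}" ]; then
    check_plugins "$PLUGIN_DIR" || exit 1
fi
```

A non-zero exit fails the release job, so an optional dependency that was not found at configure time shows up as a broken build rather than as a runtime "cannot open shared object file" error.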

Ownasaurus commented 2 years ago

Thanks for your reply, @MartinLoeper. Another thing I noticed today is that the first packet written to file is the descriptor request for a string. Is it possible to capture earlier packets, such as the device descriptor request, with this tool? If not, could we please put that down for a feature request? Thanks!

MartinLoeper commented 2 years ago

Hi @Ownasaurus, I guess what you want to do can be achieved using a filter and the SetupPacket parameter. What do you think?

You just have to write a custom filter like I did for ZeroMQ and activate it on the command-line using the -P option.